Cookies

Cookies can be classified as follows:

Session cookie

A session cookie lasts only while the user is using the website. A
web browser normally deletes session cookies when it quits. A session
cookie is created when no Expires directive is provided at the time
the cookie is created.

Persistent cookie

A persistent cookie will outlast user sessions. Its expiry time can
be set when the cookie is initially created.

Secure cookie

A secure cookie is only used
when a browser is visiting a server via HTTPS, ensuring that the
cookie is always encrypted when transmitted from client to server.
This makes the cookie less likely to be exposed to cookie theft via
eavesdropping.

HttpOnly cookie

The HttpOnly cookie is
supported by most modern browsers. An HttpOnly session cookie will be
used only when transmitting HTTP (or HTTPS) requests, thus
restricting access from other, non-HTTP APIs (such as JavaScript).
This restriction mitigates but does not eliminate the threat of
session cookie theft via cross-site scripting (XSS). This feature
applies only to session-management cookies, and not other browser
cookies.

Third-party cookie

First-party cookies are cookies set with the same domain (or a
subdomain of it) as the one shown in your browser's address bar.
Third-party cookies are cookies set with domains different from the
one shown in the address bar (i.e. the web pages on that domain may
feature content from a third-party domain, e.g. an advertisement run
by www.some-ad-co.com showing advertisement banners). Privacy setting
options in most modern browsers allow blocking of third-party
tracking cookies.

Super cookie

A "supercookie" is
a cookie with a public suffix domain, like .com, .co.uk etc.

Most browsers, by default, allow first-party cookies, that is,
cookies whose domain is the same as, or a sub-domain of, the
requesting host. A supercookie with domain .com would be blocked by
browsers; otherwise, a malicious website, like attacker.com, could
set a supercookie with domain .com and potentially disrupt or
impersonate legitimate user requests to example.com.

Zombie cookie

A zombie cookie is any
cookie that is automatically recreated after a user has deleted it.
This is accomplished by a script storing the content of the cookie in
some other locations, such as the local storage available to Flash
content, HTML5 storages and other client side mechanisms, and then
recreating the cookie from backup stores when the cookie's absence is
detected.

Apart from the server, JavaScript can also set cookies. This can be
done as:

document.cookie = "name=value";

An HttpOnly cookie is not available for reading or writing by
JavaScript.
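
The classification above can be applied mechanically to a Set-Cookie header when auditing a site's responses. The following is an added example, not code from the original page: the function names, the sample public-suffix set and the warning texts are assumptions made for illustration, and it treats Max-Age as well as Expires as making a cookie persistent.

```javascript
// Constructed sample; real browsers consult the full Public Suffix List.
const SAMPLE_PUBLIC_SUFFIXES = new Set(["com", "org", "net", "uk", "co.uk"]);

// Split one Set-Cookie header value into a name and a lower-cased attribute map.
function parseSetCookie(header) {
  const [pair, ...attrs] = header.split(";").map((s) => s.trim());
  const eq = pair.indexOf("=");
  if (eq < 1) throw new Error("Set-Cookie value has no cookie name");
  const attributes = {};
  for (const attr of attrs.filter(Boolean)) {
    const i = attr.indexOf("=");
    const key = (i === -1 ? attr : attr.slice(0, i)).trim().toLowerCase();
    attributes[key] = i === -1 ? true : attr.slice(i + 1).trim();
  }
  return { name: pair.slice(0, eq), attributes };
}

// True when `host` is `domain` itself or one of its subdomains.
const within = (host, domain) => host === domain || host.endsWith("." + domain);

// Classify a cookie that `requestHost` sets while the address bar shows `pageHost`.
function classifyCookie(header, requestHost, pageHost) {
  const { name, attributes } = parseSetCookie(header);
  const explicit = typeof attributes.domain === "string" && attributes.domain !== "";
  const domain = (explicit ? attributes.domain : requestHost).replace(/^\./, "").toLowerCase();
  const supercookie = SAMPLE_PUBLIC_SUFFIXES.has(domain);
  const secure = attributes.secure === true;
  const httpOnly = attributes.httponly === true;
  const warnings = [];
  if (supercookie) warnings.push("public-suffix domain: browsers block this cookie");
  if (!secure) warnings.push("no Secure: cookie is also sent over plain HTTP");
  if (!httpOnly) warnings.push("no HttpOnly: readable through document.cookie");
  return {
    name,
    domain,
    // Expires is the directive the page names; Max-Age also makes a cookie persistent.
    lifetime: "expires" in attributes || "max-age" in attributes ? "persistent" : "session",
    secure,
    httpOnly,
    party: within(pageHost, domain) || within(domain, pageHost) ? "first" : "third",
    supercookie,
    warnings,
  };
}
```
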
